<!DOCTYPE HTML>

<html lang="en">
<head>

<title>DefaultPermissionGrantingStrategy (spring-security-docs 5.6.3 API)</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../../jquery/jquery-ui.css" title="Style">
<script type="text/javascript" src="../../../../../script.js"></script>
<script type="text/javascript" src="../../../../../jquery/jszip/dist/jszip.min.js"></script>
<script type="text/javascript" src="../../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script>
<!--[if IE]>
<script type="text/javascript" src="../../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script>
<![endif]-->
<script type="text/javascript" src="../../../../../jquery/jquery-3.5.1.js"></script>
<script type="text/javascript" src="../../../../../jquery/jquery-ui.js"></script>
</head>
<body>
<script type="text/javascript"><!--
    try {
        if (location.href.indexOf('is-external=true') == -1) {
            parent.document.title="DefaultPermissionGrantingStrategy (spring-security-docs 5.6.3 API)";
        }
    }
    catch(err) {
    }
//-->
var data = {"i0":10,"i1":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
var pathtoroot = "../../../../../";
var useModuleDirectories = true;
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<header role="banner">
<nav role="navigation">
<div class="fixedNav">

<div class="topNav"><a id="navbar.top">

</a>
<div class="skipNav"><a href="DefaultPermissionGrantingStrategy.html#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.top.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<ul class="navListSearch">
<li><label for="search">SEARCH:</label>
<input type="text" id="search" value="search" disabled="disabled">
<input type="reset" id="reset" value="reset" disabled="disabled">
</li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_top");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="DefaultPermissionGrantingStrategy.html#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="DefaultPermissionGrantingStrategy.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="DefaultPermissionGrantingStrategy.html#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="DefaultPermissionGrantingStrategy.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.top">

</a></div>

</div>
<div class="navPadding">&nbsp;</div>
<script type="text/javascript"><!--
$('.navPadding').css('padding-top', $('.fixedNav').css("height"));
//-->
</script>
</nav>
</header>

<main role="main">
<div class="header">
<div class="subTitle"><span class="packageLabelInType">Package</span>&nbsp;<a href="package-summary.html">org.springframework.security.acls.domain</a></div>
<h2 title="Class DefaultPermissionGrantingStrategy" class="title">Class DefaultPermissionGrantingStrategy</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li>java.lang.Object</li>
<li>
<ul class="inheritance">
<li>org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><code><a href="../model/PermissionGrantingStrategy.html" title="interface in org.springframework.security.acls.model">PermissionGrantingStrategy</a></code></dd>
</dl>
<hr>
<pre>public class <span class="typeNameLabel">DefaultPermissionGrantingStrategy</span>
extends java.lang.Object
implements <a href="../model/PermissionGrantingStrategy.html" title="interface in org.springframework.security.acls.model">PermissionGrantingStrategy</a></pre>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.summary">

</a>
<h3>Constructor Summary</h3>
<table class="memberSummary">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Constructor</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="DefaultPermissionGrantingStrategy.html#%3Cinit%3E(org.springframework.security.acls.domain.AuditLogger)">DefaultPermissionGrantingStrategy</a></span>&#8203;(<a href="AuditLogger.html" title="interface in org.springframework.security.acls.domain">AuditLogger</a>&nbsp;auditLogger)</code></th>
<td class="colLast">
<div class="block">Creates an instance with the logger which will be used to record granting and
denial of requested permissions.</div>
</td>
</tr>
</table>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.summary">

</a>
<h3>Method Summary</h3>
<table class="memberSummary">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Method</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code>protected boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="DefaultPermissionGrantingStrategy.html#isGranted(org.springframework.security.acls.model.AccessControlEntry,org.springframework.security.acls.model.Permission)">isGranted</a></span>&#8203;(<a href="../model/AccessControlEntry.html" title="interface in org.springframework.security.acls.model">AccessControlEntry</a>&nbsp;ace,
<a href="../model/Permission.html" title="interface in org.springframework.security.acls.model">Permission</a>&nbsp;p)</code></th>
<td class="colLast">
<div class="block">Compares an ACE Permission to the given Permission.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code>boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="DefaultPermissionGrantingStrategy.html#isGranted(org.springframework.security.acls.model.Acl,java.util.List,java.util.List,boolean)">isGranted</a></span>&#8203;(<a href="../model/Acl.html" title="interface in org.springframework.security.acls.model">Acl</a>&nbsp;acl,
java.util.List&lt;<a href="../model/Permission.html" title="interface in org.springframework.security.acls.model">Permission</a>&gt;&nbsp;permission,
java.util.List&lt;<a href="../model/Sid.html" title="interface in org.springframework.security.acls.model">Sid</a>&gt;&nbsp;sids,
boolean&nbsp;administrativeMode)</code></th>
<td class="colLast">
<div class="block">Determines authorization.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.java.lang.Object">

</a>
<h3>Methods inherited from class&nbsp;java.lang.Object</h3>
<code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.detail">

</a>
<h3>Constructor Detail</h3>
<a id="&lt;init&gt;(org.springframework.security.acls.domain.AuditLogger)">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>DefaultPermissionGrantingStrategy</h4>
<pre>public&nbsp;DefaultPermissionGrantingStrategy&#8203;(<a href="AuditLogger.html" title="interface in org.springframework.security.acls.domain">AuditLogger</a>&nbsp;auditLogger)</pre>
<div class="block">Creates an instance with the logger which will be used to record granting and
denial of requested permissions.</div>
</li>
</ul>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.detail">

</a>
<h3>Method Detail</h3>
<a id="isGranted(org.springframework.security.acls.model.Acl,java.util.List,java.util.List,boolean)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>isGranted</h4>
<pre class="methodSignature">public&nbsp;boolean&nbsp;isGranted&#8203;(<a href="../model/Acl.html" title="interface in org.springframework.security.acls.model">Acl</a>&nbsp;acl,
                         java.util.List&lt;<a href="../model/Permission.html" title="interface in org.springframework.security.acls.model">Permission</a>&gt;&nbsp;permission,
                         java.util.List&lt;<a href="../model/Sid.html" title="interface in org.springframework.security.acls.model">Sid</a>&gt;&nbsp;sids,
                         boolean&nbsp;administrativeMode)
                  throws <a href="../model/NotFoundException.html" title="class in org.springframework.security.acls.model">NotFoundException</a></pre>
<div class="block">Determines authorization. The order of the <code>permission</code> and
<code>sid</code> arguments is <em>extremely important</em>! The method will iterate
through each of the <code>permission</code>s in the order specified. For each
iteration, all of the <code>sid</code>s will be considered, again in the order they
are presented. A search will then be performed for the first
<a href="../model/AccessControlEntry.html" title="interface in org.springframework.security.acls.model"><code>AccessControlEntry</code></a> object that directly matches that
<code>permission:sid</code> combination. When the <em>first full match</em> is
found (ie an ACE that has the SID currently being searched for and the exact
permission bit mask being search for), the grant or deny flag for that ACE will
prevail. If the ACE specifies to grant access, the method will return
<code>true</code>. If the ACE specifies to deny access, the loop will stop and the
next <code>permission</code> iteration will be performed. If each permission
indicates to deny access, the first deny ACE found will be considered the reason
for the failure (as it was the first match found, and is therefore the one most
logically requiring changes - although not always). If absolutely no matching ACE
was found at all for any permission, the parent ACL will be tried (provided that
there is a parent and <a href="../model/Acl.html#isEntriesInheriting()"><code>Acl.isEntriesInheriting()</code></a> is <code>true</code>. The
parent ACL will also scan its parent and so on. If ultimately no matching ACE is
found, a <code>NotFoundException</code> will be thrown and the caller will need to
decide how to handle the permission check. Similarly, if any of the SID arguments
presented to the method were not loaded by the ACL,
<code>UnloadedSidException</code> will be thrown.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../model/PermissionGrantingStrategy.html#isGranted(org.springframework.security.acls.model.Acl,java.util.List,java.util.List,boolean)">isGranted</a></code>&nbsp;in interface&nbsp;<code><a href="../model/PermissionGrantingStrategy.html" title="interface in org.springframework.security.acls.model">PermissionGrantingStrategy</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>permission</code> - the exact permissions to scan for (order is important)</dd>
<dd><code>sids</code> - the exact SIDs to scan for (order is important)</dd>
<dd><code>administrativeMode</code> - if <code>true</code> denotes the query is for
administrative purposes and no auditing will be undertaken</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd><code>true</code> if one of the permissions has been granted,
<code>false</code> if one of the permissions has been specifically revoked</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="../model/NotFoundException.html" title="class in org.springframework.security.acls.model">NotFoundException</a></code> - if an exact ACE for one of the permission bit masks and
SID combination could not be found</dd>
</dl>
</li>
</ul>
<a id="isGranted(org.springframework.security.acls.model.AccessControlEntry,org.springframework.security.acls.model.Permission)">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>isGranted</h4>
<pre class="methodSignature">protected&nbsp;boolean&nbsp;isGranted&#8203;(<a href="../model/AccessControlEntry.html" title="interface in org.springframework.security.acls.model">AccessControlEntry</a>&nbsp;ace,
                            <a href="../model/Permission.html" title="interface in org.springframework.security.acls.model">Permission</a>&nbsp;p)</pre>
<div class="block">Compares an ACE Permission to the given Permission. By default, we compare the
Permission masks for exact match. Subclasses of this strategy can override this
behavior and implement more sophisticated comparisons, e.g. a bitwise comparison
for ACEs that grant access. <pre><code>
 if (ace.isGranting() &amp;&amp; p.getMask() != 0) {
    return (ace.getPermission().getMask() &amp; p.getMask()) != 0;
 } else {
    return ace.getPermission().getMask() == p.getMask();
 }
 </code></pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>ace</code> - the ACE from the Acl holding the mask.</dd>
<dd><code>p</code> - the Permission we are checking against.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>true, if the respective masks are considered to be equal.</dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
</div>
</main>

<footer role="contentinfo">
<nav role="navigation">

<div class="bottomNav"><a id="navbar.bottom">

</a>
<div class="skipNav"><a href="DefaultPermissionGrantingStrategy.html#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.bottom.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_bottom");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="DefaultPermissionGrantingStrategy.html#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="DefaultPermissionGrantingStrategy.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="DefaultPermissionGrantingStrategy.html#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="DefaultPermissionGrantingStrategy.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.bottom">

</a></div>

</nav>
</footer>
<script>if (window.parent == window) {(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create', 'UA-2728886-23', 'auto', {'siteSpeedSampleRate': 100});ga('send', 'pageview');}</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194" integrity="sha512-Gi7xpJR8tSkrpF7aordPZQlW2DLtzUlZcumS8dMQjwDHEnw9I7ZLyiOj/6tZStRBGtGgN6ceN6cMH8z7etPGlw==" data-cf-beacon='{"rayId":"7040d9c78c59980c","token":"bffcb8a918ae4755926f76178bfbd26b","version":"2021.12.0","si":100}' crossorigin="anonymous"></script>
</body>
</html>
